The present invention relates generally to electronic communications.
Generally, when a client establishes an electronic communication path over a network with a server at a remote location the path may not be secure. That is, messages sent between client and server may be susceptible to interception or tampering. This is especially true in communications paths initiated over large networks such as the Internet. In such unsecured environments, transfer of confidential information can be risky.
As accessibility to the Internet from remote locations continues to become more widely available and convenient, utilizing the Internet to perform tasks such as remotely accessing electronic mail and databases becomes increasingly desirable. Some methods have been developed to allow a remote user to establish secure communications sessions. For example, a variety of encryption methods have been developed at several network levels, such as at the transport protocol level (with, e.g., HTTPS) and the application level (with, e.g., encryption of transported files). As another example, firewalls can prevent access to sensitive data from unauthorized Internet clients. Current one-time password schemes can be used to allow access to the resources of a web server or network. However, such schemes often allow public access to the authentication system, thus potentially leaving the system open to "hackers" or other potential intruders.